CVE-2010-3864
Published 2010-11-17
Priority: P356 · high · CVSS 2.0: 7.6
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 22.14% (97.4th percentile)
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8o-3 (bookworm) | openssl 0.9.8o-3 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
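| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 7.6 | HIGH | — |
| vendor_debian | — | 7.6 | HIGH | — |
| vendor_redhat | — | 7.6 | HIGH | — |
| vendor_ubuntu | — | 7.6 | HIGH | — |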
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
BSD
FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2010-11-29·CVSS 4.3
CVE-2010-2939 [MEDIUM] FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-10:10.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2010-11-29
Credits: Georgi Guninski, Rob Hulswit
Affects: FreeBSD 7.0 and later
Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE)
2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2)
2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6)
2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE)
2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4)
2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16)
CVE Name: CVE-2010-2939, CVE-2010-3864
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software f
Ubuntu
OpenSSL vulnerability
vendor_ubuntu·2010-11-18·CVSS 7.6
CVE-2010-3864 [HIGH] OpenSSL vulnerability
Title: OpenSSL vulnerability
Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
OpenSSL TLS extension parsing race condition
vendor_redhat·2010-11-16·CVSS 7.6
CVE-2010-3864 [HIGH] CWE-662 OpenSSL TLS extension parsing race condition
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Statement: This issue does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux versions before Enterprise Linux 6.
Debian
CVE-2010-3864: openssl - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0...
vendor_debian·2010·CVSS 7.6
CVE-2010-3864 [HIGH] CVE-2010-3864: openssl - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0...
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Scope: local
bookworm: resolved (fixed in 0.9.8o-3)
bullseye: resolved (fixed in 0.9.8o-3)
forky: resolved (fixed in 0.9.8o-3)
sid: resolved (fixed in 0.9.8o-3)
trixie: resolved (fixed in 0.9.8o-3)
GHSA
GHSA-rvq6-rpm5-73fg: Multiple race conditions in ssl/t1_lib
ghsa_unreviewed·2022-05-14
CVE-2010-3864 [HIGH] CWE-362 GHSA-rvq6-rpm5-73fg: Multiple race conditions in ssl/t1_lib
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
OSV
CVE-2010-3864: Multiple race conditions in ssl/t1_lib
osv·2010-11-17·CVSS 7.6
CVE-2010-3864 [HIGH] CVE-2010-3864: Multiple race conditions in ssl/t1_lib
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3864 OpenSSL TLS extension parsing race condition [fedora-all]
bugzilla·2010-11-16·CVSS 7.6
CVE-2010-3864 [HIGH] CVE-2010-3864 OpenSSL TLS extension parsing race condition [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=649304
Please note: this issue affects multiple su
Bugzilla
CVE-2010-3864 OpenSSL TLS extension parsing race condition
bugzilla·2010-11-03·CVSS 7.6
CVE-2010-3864 [HIGH] CVE-2010-3864 OpenSSL TLS extension parsing race condition
A race condition flaw has been found in the OpenSSL TLS server extension
code parsing, which on affected servers, could lead to arbitrary code
execution.
All versions of OpenSSL supporting TLS extensions contain this
vulnerability including OpenSSL 0.9.8j and later and 1.0.0, 1.0.0a
releases.
Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
uses OpenSSL's internal caching mechanism. Servers that are multi-process
and/or disable internal session caching are NOT affected.
Discussion:
Acknowledgements:
Red Hat would like to thank Rob Hulswit for reporting this issue.
---
Created attachment 457804
latest patches
---
Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
uses OpenSSL's int
http://blogs.sun.com/security/entry/cve_2010_3864_race_condition
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051170.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://marc.info/?l=bugtraq&m=129916880600544&w=2
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://marc.info/?l=bugtraq&m=132828103218869&w=2
http://openssl.org/news/secadv_20101116.txt
http://secunia.com/advisories/42241
http://secunia.com/advisories/42243
http://secunia.com/advisories/42309
http://secunia.com/advisories/42336
http://secunia.com/advisories/42352
http://secunia.com/advisories/42397
http://secunia.com/advisories/42413
http://secunia.com/advisories/43312
http://secunia.com/advisories/44269
http://secunia.com/advisories/57353
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
http://securitytracker.com/id?1024743
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
http://support.apple.com/kb/HT4723
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.adobe.com/support/security/bulletins/apsb11-11.html
http://www.debian.org/security/2010/dsa-2125
http://www.kb.cert.org/vuls/id/737740
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/3041
http://www.vupen.com/english/advisories/2010/3077
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2010/3121
https://bugzilla.redhat.com/show_bug.cgi?id=649304
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://rhn.redhat.com/errata/RHSA-2010-0888.html